MicrosoftDocs
diff --git a/‎articles/batch/TOC.yml
Lines changed: 7 additions & 7 deletions b/‎articles/batch/TOC.yml
Lines changed: 7 additions & 7 deletions
diff --git a/‎articles/batch/batch-certificate-migration-guide.md
Lines changed: 86 additions & 52 deletions b/‎articles/batch/batch-certificate-migration-guide.md
Lines changed: 86 additions & 52 deletions
@@ -103,18 +103,18 @@
     href: high-availability-disaster-recovery.md
   - name: Task runtime environment variables
     href: batch-compute-node-environment-variables.md
-  - name: Retirements
+  - name: Feature retirements
     items:
-    - name: Batch Certificates Migration Guide
+    - name: Batch certificates
       href: batch-certificate-migration-guide.md
-    - name: Batch pools without public IP addresses classic Retirement Migration Guide
+    - name: Pools without public IP addresses (classic)
       href: batch-pools-without-public-IP-addresses-classic-retirement-migration-guide.md
-    - name: Batch TLS 1.0_1 Migration Guide
+    - name: TLS 1.0 and TLS 1.1 
       href: batch-tls-101-migration-guide.md
-    - name: Job Pool Lifetime Statistics Migration Guide
+    - name: Job and pool lifetime statistics
       href: job-pool-lifetime-statistics-migration-guide.md
-    - name: Low Priority VMs Retirement Migration Guide
-      href: low-priority-VMs-retirement-migration-guide.md
+    - name: Low-priority virtual machines
+      href: low-priority-vms-retirement-migration-guide.md
 - name: How-to guides
   items:
   - name: Manage Batch accounts
 
@@ -1,91 +1,125 @@
 ---
-title: Batch Certificate Migration Guide
-description: Describes the migration steps for the batch certificates and the end of support details.
+title: Migrate Batch certificates to Azure Key Vault
+description: Learn how to migrate access management from using certificates in Azure Batch to Azure Key Vault and plan for feature end of support.
 author: harperche
 ms.author: harpercheng
 ms.service: batch
-ms.topic: how-to #Required; leave this attribute/value as-is.
+ms.topic: how-to
 ms.date: 08/15/2022
 ---
-# Batch Certificate Migration Guide
 
-Securing the application and critical information has become essential in today's needs. With growing customers and increasing demand for security, managing key information plays a significant role in securing data. Many customers need to store secure data in the application, and it needs to be managed to avoid any leakage. In addition, only legitimate administrators or authorized users should access it. Azure Batch offers Certificates created and managed by the Batch service. Azure Batch also provides a Key Vault option, and it's considered an azure-standard method for delivering more controlled secure access management.
+# Migrate Batch certificates to Azure Key Vault
 
-Azure Batch provides certificates feature at the account level. Customers must generate the Certificate and upload it manually to the Azure Batch via the portal. To access the Certificate, it must be associated and installed for the 'Current User.' The Certificate is usually valid for one year and must follow a similar procedure every year.
+On *February 29, 2024*, the certificates feature for Azure Batch access management will be retired. Learn how to migrate your access management approach from using certificates in Azure Batch to using Azure Key Vault.
 
-For Azure Batch customers, a secure way of access should be provided in a more standardized way, reducing any manual interruption and reducing the readability of key generated. Therefore, we'll retire the certificate feature on **29 February 2024** to reduce the maintenance effort and better guide customers to use Azure Key Vault as a standard and more modern method with advanced security. After it's retired, the Certificate functionality may cease working properly. Additionally, pool creation with certificates will be rejected and possibly resize up.
+## About the feature
 
-## Retirement alternatives
+Often, you need to store secure data for an application. Your data must be securely managed so that only administrators or authorized users can access it.
 
-Azure Key Vault is the service provided by Microsoft Azure to store and manage secrets, certificates, tokens, keys, and other configuration values that authenticated users access the applications and services. The original idea was to remove the hard-coded storing of these secrets and keys in the application code.
+Currently, Azure Batch offers two ways to secure access. You can use a certificate that you create and manage in Azure Batch or you can use Azure Key Vault to store an access key. Using a key vault is an Azure-standard way to deliver more controlled secure access management.
 
-Azure Key Vault provides security at the transport layer by ensuring any data flow from the key vault to the client application is encrypted. Azure key vault stores the secrets and keys with such strong encryption that even Microsoft itself won't see the keys or secrets in any way.
+You can use a certificate at the account level in Azure Batch. You must generate the certificate and upload it manually to Batch by using the Azure portal. To access the certificate, the certificate must be associated with and installed for only the current user. A certificate typically is valid for one year, and it must be updated each year.
 
-Azure Key Vault provides a secure way to store the information and define the fine-grained access control. All the secrets can be managed from one dashboard. Azure Key Vault can store the key in the software-protected or hardware protected by hardware security module (HSMs) mechanism. In addition, it has a mechanism to auto-renew the Key Vault certificates.
+## Feature end of support
 
-## Migration steps
+To move toward a simpler, standardized way to secure access to your Batch resources, on February 29, 2024, we'll retire the certificates feature in Azure Batch. We recommend that you use Azure Key Vault as a standard and more modern method to secure your resources in Batch.
 
-Azure Key Vault can be created in three ways:
+In Key Vault, you get these benefits:
 
-1. Using Azure portal
+- Reduced manual maintenance and streamlined maintenance overall
+- Reduced access to and readability of the key that's generated
+- Advanced security
 
-2. Using PowerShell
+After the certificates feature in Azure Batch is retired on February 29, 2024, a certificate in Batch might not work as expected. After that date, you won't be able to create a pool by using a certificate. Pools that continue to use certificates after the feature is retired might increase in size and cost.
 
-3. Using CLI
+## Alternative: Use Key Vault
 
-**Create Azure Key Vault step by step procedure using Azure portal:**
+Azure Key Vault is an Azure service you can use to store and manage secrets, certificates, tokens, keys, and other configuration values that give authenticated users access to secure applications and services. Key Vault is based on the idea that security is improved and standardized when you remove hard-coded secrets and keys from application code that's deployed.
 
-__Prerequisite__: Valid Azure subscription and owner/contributor access on Key Vault service.
+Key Vault provides security at the transport layer by ensuring that any data flow from the key vault to the client application is encrypted. Azure Key Vault stores secrets and keys with such strong encryption that even Microsoft can't read key vault-protected keys and secrets.
 
-   1. Log in to the Azure portal.
+Azure Key Vault gives you a secure way to store essential access information and to set fine-grained access control. You can manage all secrets from one dashboard. Choose to store a key in either software-protected or hardware-protected hardware security modules (HSMs). You also can set Key Vault to auto-renew certificates
 
-   2. In the top-level search box, look for **Key Vaults**.
+## Create a key vault
 
-   3. In the Key Vault dashboard, click on create and provide all the details like subscription, resource group, Key Vault name, select the pricing tier (standard/premium), and select region. Once all these details are provided, click on review, and create. This will create the Key Vault account.
+To create a key vault to manage access for Batch resources, use one of the following options:
 
-   4. Key Vault names need to be unique across the globe. Once any user has taken a name, it won’t be available for other users.
+- Azure portal
+- PowerShell
+- Azure CLI
 
-   5. Now go to the newly created Azure Key Vault. There you can see the vault name and the vault URI used to access the vault.
+### Create a key vault by using the Azure portal
 
-**Create Azure Key Vault step by step using the Azure PowerShell:**
+- **Prerequisites**: To create a key vault by using the Azure portal, you must have a valid Azure subscription and Owner or Contributor access for Azure Key Vault.
 
-   1. Log in to the user PowerShell using the following command - Login-AzAccount
+To create a key vault:
 
-   2. Create an 'azure secure' resource group in the 'eastus' location. You can change the name and location as per your need.
-``` 
-  New-AzResourceGroup -Name "azuresecure" -Location "EastUS"
-```
-   3. Create the Azure Key Vault using the cmdlet. You need to provide the key vault name, resource group, and location.
-```
-  New-AzKeyVault -Name "azuresecureKeyVault" -ResourceGroupName "azuresecure" -Location "East US"
-``` 
+1. Sign in to the Azure portal.
 
-   4. Created the Azure Key Vault successfully using the PowerShell cmdlet.
+1. Search for **key vaults**.
 
-**Create Azure Key Vault step by step using the Azure CLI bash:**
+1. In the Key Vault dashboard, select **Create**.
 
-   1. Create an 'azure secure' resource in the 'eastus' location. You can change the name and location as per your need. Use the following bash command.
-``` 
-  az group create –name "azuresecure" -l "EastUS."
-``` 
+1. Enter or select your subscription, a resource group name, a key vault name, the pricing tier (Standard or Premium), and the region closest to your users. Each key vault name must be unique in Azure.
 
-   2. Create the Azure Key Vault using the bash command. You need to provide the key vault name, resource group, and location.
-``` 
-  az keyvault create –name “azuresecureKeyVault” –resource-group “azure” –location “EastUS”
-```
-   3. Successfully created the Azure Key Vault using the Azure CLI bash command.
+1. Select **Review**, and then select **Create** to create the key vault account.
 
-## FAQ
+1. Go to the key vault you created. The key vault name and the URI you use to access the vault are shown under deployment details.
 
-   1. Is Certificates or Azure Key Vault recommended?  
-   Azure Key Vault is recommended and essential to protect the data in the cloud.
+For more information, see [Quickstart: Create a key vault by using the Azure portal](../key-vault/general/quick-create-portal.md).
 
-   2. Does user subscription mode support Azure Key Vault?   
-   Yes, it's mandatory to create Key Vault while creating the Batch account in user subscription mode.
+### Create a key vault by using PowerShell
 
-   3. Are there best practices to use Azure Key Vault?   
-   Best practices are covered [here](../key-vault/general/best-practices.md).
+1. Use the PowerShell option in Azure Cloud Shell to sign in to your account:
+
+   ```powershell
+   Login-AzAccount
+   ```
+
+1. Use the following command to create a new resource group in the region that's closest to your users. For the `<placeholder>` values, enter the information for the Key Vault instance you want to create.
+
+   ```powershell
+   New-AzResourceGroup -Name <ResourceGroupName> -Location <Location>
+   ```
+
+1. Use the following cmdlet to create the key vault. For the `<placeholder>` values, use the use key vault name, resource group name, and region for the key vault you want to create.
+
+   ```powershell
+   New-AzKeyVault -Name <KeyVaultName> -ResourceGroupName <ResourceGroupName> -Location <Location>
+   ```
+
+For more information, see [Quickstart: Create a key vault by using PowerShell](../key-vault/general/quick-create-powershell.md).
+
+### Create a key vault by using the Azure CLI
+
+1. Use the Bash option in the Azure CLI to create a new resource group in the region that's closest to your users. For the `<placeholder>` values, enter the information for the Key Vault instance you want to create.
+
+   ```bash
+   az group create -name <ResourceGroupName> -l <Location>
+   ```
+
+1. Create the key vault by using the following command. For the `<placeholder>` values, use the use key vault name, resource group name, and region for the key vault you want to create.
+
+   ```bash
+   az keyvault create -name <KeyVaultName> -resource-group <ResourceGroupName> -location <Location>
+   ```
+
+For more information, see [Quickstart: Create a key vault by using the Azure CLI](../key-vault/general/quick-create-cli.md).
+
+## FAQs
+
+- Does Microsoft recommend using Azure Key Vault for access management in Batch?
+
+  Yes. We recommend that you use Azure Key Vault as part of your approach to essential data protection in the cloud.
+
+- Does user subscription mode support Azure Key Vault?
+
+  Yes. In user subscription mode, you must create the key vault at the time you create the Batch account.
+
+- Where can I find best practices for using Azure Key Vault?
+  
+  See [Azure Key Vault best practices](../key-vault/general/best-practices.md).
 
 ## Next steps
 
-For more information, see [Certificate Access Control](../key-vault/certificates/certificate-access-control.md).
+For more information, see [Key Vault certificate access control](../key-vault/certificates/certificate-access-control.md).